Artificial intelligence (AI) is seemingly everywhere in today’s tech landscape. The hype cycle is in full flow, especially regarding the use of large language models (LLMs) for generative AI like OpenAI ChatGPT, Google Gemini and Anthropic Claude. Indeed, many tech companies are determined to add LLMs to products where they sometimes seem tacked on. One use case where machine learning solutions, including LLMs and other AI techniques, are providing invaluable assistance to humans is cybersecurity defense.
However, there is no end to the misinformation about the rapid expansion of AI solutions changing the threat and defense landscapes. In this blog, we’ll address some of the misconceptions about the impact of AI solutions on cybersecurity and highlight how Progress Flowmon solutions use AI technologies to deliver improved network detection and response (NDR).
The information in this blog comes from a recent 30-minute webinar titled “The Impact of AI on Cybersecurity,” presented by Filip Černý, Product Marketing Manager at Progress Software. The webinar covered the following topics:
In the first part of his webinar, Filip addresses common fears about the rise of the new LLM and other AI-based solutions:
Over the last few years, cyber threats like ransomware, malware and phishing have become more complex and frequent. As Filip notes in the webinar, the number and severity of cyberattacks against organizations have significantly increased.
Cybercriminals’ use of AI is influencing the trends in the cybersecurity threat landscape. We’ve seen AI-powered deepfakes emerge as a new threat, with cybercriminals using deepfake video technologies in phishing scams. Ransomware attacks have persisted, and multi-pronged extortion tactics are becoming more common. Supply chain attacks have also skyrocketed by over 600% compared to the previous year.
Human error is a major factor in successful cyberattacks, with some surveys reporting that it is at the root of 95% of all data breaches. The use of AI solutions to make more convincing deepfake audio and video, phishing emails and realistic dummy websites for credential harvesting and drive-by malware deployment has increased the risks we all face and reduced the effort needed by bad actors when mounting attacks.
Filip recently wrote a blog post on the 2024 cybersecurity threat landscape, in which he examines the threats that will be significant this year in greater detail.
The increased attack activity over the last few years (which shows no signs of decreasing) has burdened cybersecurity teams. Security analysts face a rising number of security alerts, with over 55% receiving more than 10,000 alerts daily. This situation leads to alert fatigue, which increases the likelihood of missing crucial incidents.
The problems faced by cybersecurity teams have changed over the last decade. As Figure 1 shows, in 2015 the issue was a lack of visibility into the network and security-related events. Today, with the advent and deployment of increasingly sophisticated detection tools, the problem is that there are too many alerts, which makes it difficult, if not impossible, for IT professionals to identify dangerous activity.
Figure 1: The evolution of cyber defense challenges
This difficulty has real knock-on impacts on cybersecurity, as shown in Figure 2.
Figure 2: The results of alert overload
The volume of alerts often leads to teams filtering what they see, which increases the risk of an attack method slipping under the radar and allowing cybercriminals to access systems and data.
The use of AI tools isn’t only open to attackers. The good guys can also use the rapidly evolving AI-based solutions to boost defenses. Flowmon NDR uses AI to detect anomalies and prioritize security alerting. It combines machine learning, heuristics, behavioral analysis, adaptive baselining and threat intelligence to empower security teams by providing them with filtered, relevant and actionable information derived from the raw alert data.
Filip explains during the webinar that Flowmon NDR has the knowledge and AI engine to inform analysts: “What does this mean? What can we do about it? How can we remediate it?” By providing a knowledge-based machine-learning component in our NDR solution, we supplement the expertise available in your current cybersecurity team. This increases the capacity of the defensive response and the ability to detect and respond to threats quickly.
Figure 3 shows four top-level benefits that Flowmon NDR provides: a powerful detection engine, an extensive experience knowledge base, smart prioritization of alerts to surface critical events and automation of analytics to streamline cybersecurity.
Figure 3: Flowmon AI-based NDR benefits
Customers achieve these benefits across the on-premises, cloud and hybrid settings found in current infrastructure deployments.
Filip shares a compelling customer success story in the webinar (without naming the customer for privacy reasons). This customer, who had Flowmon NDR deployed, was able to detect an infected device acting as an illicit gateway to the Internet. When other devices used it to access resources outside the local network, the infected device recorded details such as authentication credentials. The incident was dealt with in an hour and, more importantly, no harm was done as the customer used the AI-driven anomaly detection capabilities of Flowmon.
You can read many more Flowmon NDR and related solutions success stories on our case studies page.
Visit the Flowmon platform page for details of the Flowmon solution and the Flowmon Security Operations page for more information on Flowmon NDR. If you’d like to speak with an expert about how Flowmon can help improve the security of your networks, don’t hesitate to contact us.
View all posts from Nick Vlasov on the Progress blog.